Many entries that are malware related in Autoruns log


  • This topic is locked
32 replies to this topic

#1 Renzo11


Posted 12 February 2015 - 11:54 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Test1 (administrator) on RENZO-PC on 12-02-2015 17:48:00
Running from C:\Users\Test1\Downloads
Loaded Profiles: Test1 (Available profiles: Test1 & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Test1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Sysinternals - www.sysinternals.com) C:\Users\Test1\Desktop\autoruns.exe
(Blizzard Entertainment) C:\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) C:\World of Warcraft\Utils\WowBrowserProxy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\Run: [HPADVISOR] => [X]
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\Run: [Spotify Web Helper] => C:\Users\Test1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-23] (Spotify Ltd)
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: {2b9897d7-89e8-11e4-bf5d-90e6baa4d405} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: {69528b1d-17fc-11e4-914f-90e6baa4d405} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: {bd954ec2-9e03-11e3-bcff-90e6baa4d405} - J:\Startme.exe
AppInit_DLLs-x32: c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll => "c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=nl-NL&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26src%3DIE%2DSearchBox%26FORM%3DIESR02
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=4360735213404760&q={searchTerms}
SearchScopes: HKLM -> {A13894CB-A4EF-4E58-9FD5-081EF2BDE063} URL = http://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935
SearchScopes: HKLM -> {AFD40784-1DD4-4B96-BF5C-785EC442F4C5} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
SearchScopes: HKLM -> {CD741029-F4ED-420D-B01D-81DE173E1741} URL = http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=4360735213404760&q={searchTerms}
SearchScopes: HKLM-x32 -> {A13894CB-A4EF-4E58-9FD5-081EF2BDE063} URL = http://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935
SearchScopes: HKLM-x32 -> {AFD40784-1DD4-4B96-BF5C-785EC442F4C5} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
SearchScopes: HKLM-x32 -> {CD741029-F4ED-420D-B01D-81DE173E1741} URL = http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> URL http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF92DFC70-F9AC-4357-9EE1-80108CE6A30E&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF92DFC70-F9AC-4357-9EE1-80108CE6A30E&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
Toolbar: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Test1\AppData\Roaming\Mozilla\Firefox\Profiles\gn64g4dx.default
FF Homepage: https://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3991530428-1297385551-2610144278-1006: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Security Plus - C:\Users\Test1\AppData\Roaming\Mozilla\Firefox\Profiles\gn64g4dx.default\Extensions\jid0-DjsrWcAS3Wgq2xyyqqVL8Dqk1Lo@jetpack.xpi [2014-12-22]
FF Extension: Adblock Plus - C:\Users\Test1\AppData\Roaming\Mozilla\Firefox\Profiles\gn64g4dx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-07]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05]
CHR Extension: (YouTube) - C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05]
CHR Extension: (Google Zoeken) - C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05]
CHR Extension: (NextCoup) - C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm [2014-12-03]
CHR Extension: (AdBlock) - C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-11-05]
CHR Extension: (Gmail) - C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\renzo\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Cleaner_Validator; C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [371648 2010-12-09] ()
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-02-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [79552 2010-12-09] (Windows ® Win 7 DDK provider)
R1 CFRPD; C:\Windows\System32\DRIVERS\CFRPD.sys [41472 2010-12-09] (Windows ® Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R1 MpKsl6aa701b0; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{698090D6-B069-4350-8C34-0899B3F87D15}\MpKsl6aa701b0.sys [45352 2015-02-12] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 rt61x64; C:\Windows\System32\DRIVERS\WMP54Gv41x64.sys [446304 2010-04-07] (Ralink Technology, Corp.)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-02-21] (Razer, Inc.)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-21] (Razer, Inc.)
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [34984 2013-11-15] (Razer Inc)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [72704 2010-03-11] (Razer USA Ltd)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 17:48 - 2015-02-12 17:48 - 00021106 _____ () C:\Users\Test1\Downloads\FRST.txt
2015-02-12 17:47 - 2015-02-12 17:48 - 00000000 ____D () C:\FRST
2015-02-12 17:46 - 2015-02-12 17:47 - 02134016 _____ (Farbar) C:\Users\Test1\Downloads\FRST64.exe
2015-02-12 17:00 - 2015-02-12 17:00 - 06708078 _____ () C:\Users\Test1\Desktop\RENZO-PC.arn
2015-02-12 16:57 - 2015-02-12 16:57 - 00573697 _____ () C:\Users\Test1\Downloads\Autoruns.zip
2015-02-12 16:56 - 2015-02-12 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-12 16:56 - 2015-02-12 16:56 - 00000000 ____D () C:\Program Files\7-Zip
2015-02-12 16:55 - 2015-02-12 16:55 - 01376768 _____ () C:\Users\Test1\Downloads\7z920-x64.msi
2015-02-12 16:35 - 2015-02-05 22:01 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-02-12 16:35 - 2015-02-05 22:01 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-02-12 16:35 - 2015-02-05 22:01 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-02-12 16:35 - 2015-02-05 22:01 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-02-12 16:34 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-12 16:27 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-12 16:27 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-02-12 16:27 - 2015-02-05 22:01 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-12 16:24 - 2015-02-12 16:24 - 309136440 _____ (NVIDIA Corporation) C:\Users\Test1\Downloads\347.52-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-02-12 15:00 - 2015-02-12 15:00 - 00018999 _____ () C:\Users\Test1\Downloads\Result.txt
2015-02-12 14:58 - 2015-02-12 14:58 - 00401920 _____ (Farbar) C:\Users\Test1\Downloads\MiniToolBox.exe
2015-02-12 10:57 - 2015-02-12 16:39 - 00007514 _____ () C:\Windows\PFRO.log
2015-02-11 09:38 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:38 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:37 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:37 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:37 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:34 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:34 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:34 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:34 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:34 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:34 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:34 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:34 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:34 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:34 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:34 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:34 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:34 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:34 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:34 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:34 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:34 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:34 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:34 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:34 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:34 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:34 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 09:34 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:34 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:34 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:34 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:34 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:34 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:34 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:34 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:34 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 09:34 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:34 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:34 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:34 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:34 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:34 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:34 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:34 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:33 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:33 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:33 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:33 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:33 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:33 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:33 - 2015-01-12 03:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 09:33 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 09:33 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:33 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:33 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:33 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:33 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:33 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:33 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:33 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:33 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:31 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:31 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:31 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:31 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:31 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:31 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:31 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:31 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:31 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:31 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:31 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:31 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:31 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:31 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:31 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:31 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:31 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:31 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:28 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:28 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:26 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:26 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:20 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:20 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:17 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:17 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:17 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:17 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:17 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:17 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:17 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:13 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 08:54 - 2015-02-12 16:44 - 01949208 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 08:53 - 2015-02-12 16:40 - 00000990 _____ () C:\Windows\setupact.log
2015-02-11 08:53 - 2015-02-11 08:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 17:53 - 2015-02-10 17:53 - 00003754 _____ () C:\Users\Test1\Downloads\[Grind] [A] [96-100] - Spires of Arak - Sethekk Hollow.xml
2015-02-10 15:28 - 2015-02-10 15:28 - 00003848 _____ () C:\Users\Test1\Downloads\[H] 96- 98.xml
2015-02-10 13:36 - 2015-02-10 13:36 - 01578344 _____ (Bandoo Media Inc) C:\Users\Test1\Downloads\jZipSetup-r20-n-bf.exe
2015-02-10 13:33 - 2015-02-10 13:34 - 10605774 _____ () C:\Users\Test1\Downloads\Ralph lauren tas.zip
2015-02-10 13:00 - 2015-02-10 13:00 - 00003154 _____ () C:\Users\Test1\Downloads\[96-100] Spires of Arak - Humanoids [Grind] v1.xml
2015-02-10 01:03 - 2015-02-10 01:03 - 00000000 ____D () C:\ProgramData\Apple
2015-02-09 20:39 - 2015-02-09 20:39 - 00002347 _____ () C:\Users\Test1\Downloads\96-100 {A} Spires of arak. Admiral Taylor.xml
2015-02-09 15:26 - 2015-02-09 15:26 - 00004042 _____ () C:\Users\Test1\Downloads\A- Sunset shore-Talador- 94-96.xml
2015-02-09 14:59 - 2015-02-09 14:59 - 00002212 _____ () C:\Users\Test1\Downloads\Grove Street.xml
2015-02-08 09:52 - 2015-02-12 16:59 - 00563864 _____ (Sysinternals - www.sysinternals.com) C:\Users\Test1\Desktop\autorunsc.exe
2015-02-08 09:44 - 2015-02-12 16:59 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\Test1\Desktop\autoruns.exe
2015-02-04 21:51 - 2015-02-04 21:51 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-03 23:46 - 2015-02-04 23:33 - 00000000 ____D () C:\Users\Test1\AppData\Local\Popcorn-Time
2015-02-03 23:44 - 2015-02-03 23:44 - 00002216 _____ () C:\Users\Test1\Desktop\Popcorn Time.lnk
2015-02-03 23:44 - 2015-02-03 23:44 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-02-03 23:43 - 2015-02-03 23:44 - 00000000 ____D () C:\Users\Test1\AppData\Local\Popcorn Time
2015-02-03 23:42 - 2015-02-03 23:42 - 23236288 _____ (Popcorn Official) C:\Users\Test1\Downloads\Popcorn-Time-0.3.7.1-Setup.exe
2015-01-27 13:22 - 2015-02-03 21:22 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\TS3Client
2015-01-27 13:21 - 2015-01-27 13:21 - 00001215 _____ () C:\Users\Test1\Desktop\TeamSpeak 3 Client.lnk
2015-01-27 13:21 - 2015-01-27 13:21 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-01-27 13:21 - 2015-01-27 13:21 - 00000000 ____D () C:\Users\Test1\AppData\Local\TeamSpeak 3 Client
2015-01-27 13:19 - 2015-01-27 13:20 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Test1\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2015-01-27 12:31 - 2015-01-27 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-20 17:52 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-20 17:52 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-20 17:52 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-20 17:52 - 2014-10-09 18:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-20 17:52 - 2014-10-09 18:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-20 17:52 - 2014-10-09 08:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-18 15:30 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 21:32 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 21:32 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 21:32 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 21:32 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 21:32 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 17:49 - 2010-08-29 13:50 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 17:14 - 2012-05-10 14:42 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000UA.job
2015-02-12 17:07 - 2014-05-07 23:45 - 00000000 ____D () C:\Users\Test1\AppData\Local\Battle.net
2015-02-12 16:59 - 2015-01-04 14:04 - 00050512 _____ () C:\Users\Test1\Desktop\autoruns.chm
2015-02-12 16:59 - 2006-07-28 09:32 - 00007005 _____ () C:\Users\Test1\Desktop\Eula.txt
2015-02-12 16:52 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 16:52 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 16:51 - 2013-02-26 22:26 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 16:49 - 2010-08-29 13:50 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 16:39 - 2010-08-29 13:50 - 00000000 ___HD () C:\Program Files\Google
2015-02-12 16:39 - 2010-08-29 13:50 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-12 16:39 - 2009-09-15 21:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 16:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 16:38 - 2014-06-06 02:03 - 00012210 _____ () C:\Windows\cscmondump.bin
2015-02-12 16:35 - 2010-06-21 18:19 - 00000000 ___HD () C:\Program Files\NVIDIA Corporation
2015-02-12 16:34 - 2014-12-20 11:02 - 00000000 ____D () C:\Temp
2015-02-12 16:34 - 2014-09-28 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-12 16:15 - 2014-07-23 13:53 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2015-02-12 16:04 - 2013-02-19 18:59 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000UA.job
2015-02-12 15:32 - 2013-07-16 13:47 - 00000000 ____D () C:\Users\Test1\AppData\Local\jZip
2015-02-12 15:21 - 2013-04-17 10:28 - 00000000 ____D () C:\Users\Test1\AppData\Local\Google
2015-02-12 15:19 - 2014-06-03 14:12 - 00000000 ____D () C:\Users\Test1\AppData\Local\Adobe
2015-02-12 15:19 - 2010-10-10 11:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-12 10:58 - 2014-09-28 17:05 - 00000000 ____D () C:\Users\Test1\AppData\Local\NVIDIA Corporation
2015-02-12 10:57 - 2009-07-14 05:45 - 00396864 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:17 - 2014-12-10 03:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:17 - 2014-05-06 15:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:15 - 2013-01-25 18:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 03:12 - 2011-02-07 16:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:12 - 2011-02-07 16:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 03:12 - 2011-02-07 16:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-12 03:12 - 2010-01-23 18:15 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:11 - 2013-08-14 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:09 - 2013-04-17 10:02 - 00000000 ____D () C:\Users\Test1
2015-02-12 03:03 - 2010-01-25 20:46 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 23:14 - 2012-05-10 14:42 - 00001014 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000Core.job
2015-02-11 20:40 - 2014-06-05 19:40 - 00000450 _____ () C:\Windows\Tasks\COMODO Updater.job
2015-02-11 19:21 - 2013-02-19 18:59 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000Core.job
2015-02-11 09:35 - 2013-07-27 03:37 - 00000000 ____D () C:\Users\Test1\AppData\Local\CrashDumps
2015-02-11 09:34 - 2010-10-02 12:13 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-11 09:22 - 2014-07-24 16:57 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\uTorrent
2015-02-10 14:20 - 2014-03-12 19:30 - 00000000 ____D () C:\Users\Test1\Documents\bestandmap-renzo-lol
2015-02-10 02:47 - 2014-06-06 02:03 - 01544964 _____ () C:\Windows\CSC_ServiceDump.dat
2015-02-10 02:47 - 2014-06-06 02:03 - 00539590 _____ () C:\Windows\CSC_ActiveCleanLog.dat
2015-02-09 15:46 - 2013-05-02 14:07 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\Skype
2015-02-09 11:37 - 2011-10-30 13:27 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-09 11:37 - 2010-01-23 11:49 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-05 22:01 - 2014-11-04 16:48 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-05 22:01 - 2014-09-28 16:59 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-02-05 22:01 - 2014-07-30 16:34 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2010-08-08 23:35 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-05 22:01 - 2010-08-08 23:35 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-05 20:07 - 2014-10-26 17:37 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-07-30 16:37 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-07-30 16:37 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-07-30 16:37 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-07-30 16:37 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-07-30 16:37 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 17:24 - 2009-09-16 06:57 - 00748870 _____ () C:\Windows\system32\perfh013.dat
2015-02-05 17:24 - 2009-09-16 06:57 - 00154838 _____ () C:\Windows\system32\perfc013.dat
2015-02-05 17:24 - 2009-07-14 06:13 - 01680172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 13:50 - 2014-07-30 16:37 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 21:51 - 2013-02-26 22:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 21:51 - 2013-02-26 22:26 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 21:51 - 2011-05-16 10:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 15:32 - 2013-07-17 00:04 - 00000000 ____D () C:\Users\Test1\AppData\Local\Deployment
2015-01-31 10:00 - 2010-01-22 14:06 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-01-28 09:42 - 2014-12-22 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2013-07-26 18:31 - 2013-07-28 04:13 - 0034816 _____ () C:\Users\Test1\AppData\Roaming\RZR_0020734845f6b952e97d027f494c.db
2013-11-27 21:02 - 2013-11-27 22:12 - 0005120 _____ () C:\Users\Test1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-24 16:42 - 2014-07-24 20:59 - 0000003 _____ () C:\Users\Test1\AppData\Local\proxy.log
2013-05-13 18:26 - 2013-05-13 18:26 - 0007605 _____ () C:\Users\Test1\AppData\Local\Resmon.ResmonCfg
2010-08-22 12:12 - 2010-08-22 12:37 - 0001053 _____ () C:\ProgramData\hpzinstall.log
2011-10-27 10:50 - 2011-10-25 12:18 - 2701696 _____ (mquadr.at software engineering und consulting GmbH) C:\ProgramData\UpdateKPNAssistent.exe

Files to move or delete:
====================
C:\ProgramData\UpdateKPNAssistent.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 12:39

==================== End Of Log ============================


#2 Renzo11


Posted 13 February 2015 - 06:49 AM

To the helper going to clean me: I realize you will be doing this during your free time, and I'd sincerely like to thank you in advance. I am looking forward to working out the steps with you! Please take your time. I will wait patiently! =)



#3 LiquidTension

  • Malware Response Team

Posted 15 February 2015 - 01:41 AM

Hello Renzo11, welcome to Bleeping Computer's Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the follow button at the top of the page.

======================================================
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: {2b9897d7-89e8-11e4-bf5d-90e6baa4d405} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: {69528b1d-17fc-11e4-914f-90e6baa4d405} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: {bd954ec2-9e03-11e3-bcff-90e6baa4d405} - J:\Startme.exe
    AppInit_DLLs-x32: c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll => "c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll" File Not Found
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=4360735213404760&q={searchTerms}
    SearchScopes: HKLM -> {AFD40784-1DD4-4B96-BF5C-785EC442F4C5} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
    SearchScopes: HKLM -> {CD741029-F4ED-420D-B01D-81DE173E1741} URL = http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=4360735213404760&q={searchTerms}
    SearchScopes: HKLM-x32 -> {AFD40784-1DD4-4B96-BF5C-785EC442F4C5} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
    SearchScopes: HKLM-x32 -> {CD741029-F4ED-420D-B01D-81DE173E1741} URL = http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
    SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> URL http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF92DFC70-F9AC-4357-9EE1-80108CE6A30E&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF92DFC70-F9AC-4357-9EE1-80108CE6A30E&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
    Toolbar: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
    Toolbar: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
    Toolbar: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    TuneUp Utilities Language Pack (nl-NL) (x32 Version: 13.0.3020.15 - TuneUp Software) Hidden
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    C:\Program Files (x86)\Pando Networks
    CHR Extension: (NextCoup) - C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm [2014-12-03]
    CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\renzo\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
    C:\Users\renzo\AppData\Roaming\BabSolution
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
    2015-02-10 13:36 - 2015-02-10 13:36 - 01578344 _____ (Bandoo Media Inc) C:\Users\Test1\Downloads\jZipSetup-r20-n-bf.exe
    2015-02-12 15:32 - 2013-07-16 13:47 - 00000000 ____D () C:\Users\Test1\AppData\Local\jZip
    Task: {319773FF-A2B0-4730-837F-4D0CDF1ECF50} - System32\Tasks\EPUpdater => C:\Users\renzo\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
    C:\Users\renzo\AppData\Roaming\BABSOL~1
    Task: {C65E5B3C-43AD-4E14-AD98-6AF0BB07E392} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe [2013-05-19] (http://www.goforfiles.com/) <==== ATTENTION
    C:\Program Files (x86)\GoforFiles
    C:\Program Files (x86)\facemoods.com
    C:\Program Files (x86)\SweetIM
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\facemoods" /f
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM" /f
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Uninstall Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • TuneUp Utilities Language Pack (nl-NL)
  • Follow the prompts.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Reboot if necessary.
     

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W7).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did the programme uninstall successfully?
  • JRT.txt
  • AdwCleaner[S0].txt

Edited by LiquidTension, 15 February 2015 - 01:44 AM.


#4 Renzo11


Posted 15 February 2015 - 06:58 AM

Dear Helper, thank you in advance for helping me! Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by Test1 at 2015-02-15 12:25:37 Run:1
Running from C:\Users\Test1\Downloads
Loaded Profiles: Test1 (Available profiles: Test1 & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: {2b9897d7-89e8-11e4-bf5d-90e6baa4d405} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: {69528b1d-17fc-11e4-914f-90e6baa4d405} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\MountPoints2: {bd954ec2-9e03-11e3-bcff-90e6baa4d405} - J:\Startme.exe
AppInit_DLLs-x32: c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll => "c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=4360735213404760&q={searchTerms}
SearchScopes: HKLM -> {AFD40784-1DD4-4B96-BF5C-785EC442F4C5} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
SearchScopes: HKLM -> {CD741029-F4ED-420D-B01D-81DE173E1741} URL = http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=4360735213404760&q={searchTerms}
SearchScopes: HKLM-x32 -> {AFD40784-1DD4-4B96-BF5C-785EC442F4C5} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
SearchScopes: HKLM-x32 -> {CD741029-F4ED-420D-B01D-81DE173E1741} URL = http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> URL http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF92DFC70-F9AC-4357-9EE1-80108CE6A30E&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF92DFC70-F9AC-4357-9EE1-80108CE6A30E&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
Toolbar: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
TuneUp Utilities Language Pack (nl-NL) (x32 Version: 13.0.3020.15 - TuneUp Software) Hidden
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
C:\Program Files (x86)\Pando Networks
CHR Extension: (NextCoup) - C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\renzo\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
C:\Users\renzo\AppData\Roaming\BabSolution
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
2015-02-10 13:36 - 2015-02-10 13:36 - 01578344 _____ (Bandoo Media Inc) C:\Users\Test1\Downloads\jZipSetup-r20-n-bf.exe
2015-02-12 15:32 - 2013-07-16 13:47 - 00000000 ____D () C:\Users\Test1\AppData\Local\jZip
Task: {319773FF-A2B0-4730-837F-4D0CDF1ECF50} - System32\Tasks\EPUpdater => C:\Users\renzo\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
C:\Users\renzo\AppData\Roaming\BABSOL~1
Task: {C65E5B3C-43AD-4E14-AD98-6AF0BB07E392} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe [2013-05-19] (http://www.goforfiles.com/) <==== ATTENTION
C:\Program Files (x86)\GoforFiles
C:\Program Files (x86)\facemoods.com
C:\Program Files (x86)\SweetIM
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\facemoods" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM" /f
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => Key deleted successfully.
"HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b9897d7-89e8-11e4-bf5d-90e6baa4d405}" => Key deleted successfully.
HKCR\CLSID\{2b9897d7-89e8-11e4-bf5d-90e6baa4d405} => Key not found.
"HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69528b1d-17fc-11e4-914f-90e6baa4d405}" => Key deleted successfully.
HKCR\CLSID\{69528b1d-17fc-11e4-914f-90e6baa4d405} => Key not found.
"HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd954ec2-9e03-11e3-bcff-90e6baa4d405}" => Key deleted successfully.
HKCR\CLSID\{bd954ec2-9e03-11e3-bcff-90e6baa4d405} => Key not found.
"c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFD40784-1DD4-4B96-BF5C-785EC442F4C5}" => Key deleted successfully.
HKCR\CLSID\{AFD40784-1DD4-4B96-BF5C-785EC442F4C5} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD741029-F4ED-420D-B01D-81DE173E1741}" => Key deleted successfully.
HKCR\CLSID\{CD741029-F4ED-420D-B01D-81DE173E1741} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFD40784-1DD4-4B96-BF5C-785EC442F4C5}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AFD40784-1DD4-4B96-BF5C-785EC442F4C5} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CD741029-F4ED-420D-B01D-81DE173E1741}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CD741029-F4ED-420D-B01D-81DE173E1741} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Key not found.
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F976B1D-7CFD-44F6-B016-1D3B0FFA937A}\\SystemComponent => value deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks => Moved successfully.
C:\Users\Test1\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde" => Key deleted successfully.
"C:\Users\renzo\AppData\Roaming\BabSolution" => File/Directory not found.
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\Test1\Downloads\jZipSetup-r20-n-bf.exe => Moved successfully.
C:\Users\Test1\AppData\Local\jZip => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{319773FF-A2B0-4730-837F-4D0CDF1ECF50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{319773FF-A2B0-4730-837F-4D0CDF1ECF50}" => Key deleted successfully.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully.
"C:\Users\renzo\AppData\Roaming\BABSOL~1" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C65E5B3C-43AD-4E14-AD98-6AF0BB07E392}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C65E5B3C-43AD-4E14-AD98-6AF0BB07E392}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoforFilesUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate" => Key deleted successfully.
C:\Program Files (x86)\GoforFiles => Moved successfully.
"C:\Program Files (x86)\facemoods.com" => File/Directory not found.
"C:\Program Files (x86)\SweetIM" => File/Directory not found.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\facemoods" /f =========

reg wordt niet herkend als een interne
of externe opdracht, programma of batchbestand.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM" /f =========

reg wordt niet herkend als een interne
of externe opdracht, programma of batchbestand.


========= End of Reg: =========


=========  ipconfig /flushdns =========

ipconfig wordt niet herkend als een interne
of externe opdracht, programma of batchbestand.

========= End of CMD: =========

EmptyTemp: => Removed 141.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:26:42 ====



#5 Renzo11


Posted 15 February 2015 - 07:00 AM

I had to use Revo Uninstaller Pro to uninstall the TuneUp program. It is now successfully uninstalled.

Also, the Junkware removal tool does not seem to be scanning, nor does it create any log!



#6 Renzo11


Posted 15 February 2015 - 07:10 AM

With step 4, I did not see the 'report', but here is the log after scanning:

 

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 13:06:17
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Test1 - RENZO-PC
# Running from : C:\Users\Test1\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\DealExpress
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Gast\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Gast\AppData\Local\torch
Folder Deleted : C:\Users\Gast\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Gast\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Gast\AppData\LocalLow\jziptoolbargaw
Folder Deleted : C:\Users\Gast\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Gast\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Test1\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Test1\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Test1\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Test1\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Test1\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Test1\AppData\Roaming\iSafe
Folder Deleted : C:\Users\Test1\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\null
Folder Deleted : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\null
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\null
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
Folder Deleted : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\Test1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\null
Folder Deleted : C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\null
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\null
Folder Deleted : C:\Users\Test1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\null
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\Test1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
Folder Deleted : C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
Folder Deleted : C:\Users\Test1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\Test1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ephbjjpleipegfhmlkfijiflmjcgkhdm
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\null
Folder Deleted : C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\null
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\null
Folder Deleted : C:\Users\Test1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\null
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\Test1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofmdajojnppecpkbdmgdohlgojlknedl
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
Folder Deleted : C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
Folder Deleted : C:\Users\Test1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okljmanonigbplpkdmgdocaekhapnbjk
File Deleted : C:\Windows\SysWOW64\installd.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\5808b8bb46fe441
Key Deleted : HKLM\SOFTWARE\5808b8bb46fe441
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-792098896
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058c8ab6-04c8-4c4f-b6bc-d2ae36a86adc}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{058c8ab6-04c8-4c4f-b6bc-d2ae36a86adc}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\SearchquSRTB
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Vittalia
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v35.0.1 (x86 nl)


-\\ Google Chrome v38.0.2125.111


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [15542 bytes] - [15/02/2015 13:01:00]
AdwCleaner[S0].txt - [15056 bytes] - [15/02/2015 13:06:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15116  bytes] ##########
 


Edited by Renzo11, 15 February 2015 - 07:11 AM.


#7 LiquidTension


Posted 16 February 2015 - 04:16 AM

Hello, 
 

"thank you in advance for helping me!"

That's quite alright. :)
 

"Also, the Junkware removal tool does not seem to be scanning, nor does it create any log!"

Please delete your copy of JRT. Redownload and try running the programme again. Don't worry if the programme still doesn't run. 
 
Proceed with the instructions below afterwards. 
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Please download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click [List Threats]. If no threats were found, skip the next two bullet points. 
  • Click [Export] and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 3
Uninstall/Reinstall Chrome

  • Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks
  • Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
  • Download and install Google Chrome.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log
  • Did Google Chrome uninstall/reinstall successfully?


#8 Renzo11


Posted 16 February 2015 - 09:00 AM

The JRT scan has succeeded now, and here is the log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Test1 on ma 16-02-2015 at 11:33:50,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A13894CB-A4EF-4E58-9FD5-081EF2BDE063}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Test1\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Test1\appdata\local\{4D597BF2-A7AC-4489-9C79-6E9C5BBCB8B7}
Successfully deleted: [Empty Folder] C:\Users\Test1\appdata\local\{54DF2BB1-EA00-4FA2-85C7-511B38C05128}
Successfully deleted: [Empty Folder] C:\Users\Test1\appdata\local\{77CE97B4-7A49-45C0-A432-7DDA3C912235}
Successfully deleted: [Empty Folder] C:\Users\Test1\appdata\local\{8CB9B39B-1782-4283-862B-743A1A8AB454}
Successfully deleted: [Empty Folder] C:\Users\Test1\appdata\local\{B835E994-FFFF-456F-B9AF-A7D27119A3A4}
Successfully deleted: [Empty Folder] C:\Users\Test1\appdata\local\{EEA8FB2A-52AA-421A-957B-1F9465296628}



~~~ FireFox

Emptied folder: C:\Users\Test1\AppData\Roaming\mozilla\firefox\profiles\gn64g4dx.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ma 16-02-2015 at 11:40:22,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Here is the MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16-2-2015
Scan Time: 11:51:00
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.16.04
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Test1

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 481843
Time Elapsed: 17 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 20
PUP.Optional.Babylon.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [22f02ded92f8b97d56b31eea16edcc34],
PUP.Optional.SurfSafely.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6C85A1C9-0F93-4B46-BE67-D409D64C7E67}, Quarantined, [7e94c6540486fd3977331dea06fd30d0],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{64182481-4F71-486B-A045-B233BD0DA8FC}, Quarantined, [7e94ba606525270fd661d437c73c2cd4],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{64182481-4F71-486B-A045-B233BD0DA8FC}, Quarantined, [7e94ba606525270fd661d437c73c2cd4],
PUP.Optional.Bandoo.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9D717F81-9148-4F12-8568-69135F087DB0}, Quarantined, [888a9783d1b964d2b1e880c139ca23dd],
PUP.Optional.Bandoo.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D717F81-9148-4F12-8568-69135F087DB0}, Quarantined, [888a9783d1b964d2b1e880c139ca23dd],
PUP.Optional.Bandoo.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D717F81-9148-4F12-8568-69135F087DB0}, Quarantined, [888a9783d1b964d2b1e880c139ca23dd],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, Quarantined, [3fd35bbf28628ea875c37e8d0bf8ff01],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, Quarantined, [3fd35bbf28628ea875c37e8d0bf8ff01],
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35B-6118-11DC-9C72-001320C79847}, Quarantined, [46cc9c7e56344ceac45f4eb5ef14f010],
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35B-6118-11DC-9C72-001320C79847}, Quarantined, [46cc9c7e56344ceac45f4eb5ef14f010],
PUP.Optional.SweetPacks, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [0b0766b4d9b1e551538bae60f013827e],
PUP.Optional.SweetPacks, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [0b0766b4d9b1e551538bae60f013827e],
PUP.Optional.SurfSafely.A, HKLM\SOFTWARE\WOW6432NODE\Surf Safely, Quarantined, [57bbc9512466d85ebbba3a76a75cf709],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HD-V1.9, Quarantined, [c44ed24895f5e94d3b858733649fcb35],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [20f2e238e8a259dd68d2ab449c68e917],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [c64c0a10f694bd79f445e00f1fe549b7],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [8b8799810b7f61d5e01cd31f9e66bd43],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [aa6847d36f1bb97dca701bd4ff058080],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\facemoods.com, Quarantined, [f81a6eac632790a64bdff5d7bc4754ac],

Registry Values: 2
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{EEE6C35B-6118-11DC-9C72-001320C79847}, ìæáçáì ä, Quarantined, [46cc9c7e56344ceac45f4eb5ef14f010]
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-3991530428-1297385551-2610144278-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{EEE6C35B-6118-11DC-9C72-001320C79847}, Quarantined, [71a16fab3e4c48ee9d86709350b36c94],

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, Quarantined, [41d16dad7713d0663bc17240a1623bc5],
PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles, Quarantined, [66ac6dada8e22313feb3ed27a85d8b75],
Rogue.Multiple, C:\ProgramData\3872871776, Quarantined, [f41eae6c1773de58c837f4518281ed13],
PUP.Optional.Datamngr.A, C:\Users\Gast\AppData\LocalLow\DataMngr, Quarantined, [7e94b466484292a4e2e592c932d1659b],

Files: 13
PUP.Optional.Bundler, C:\Users\Test1\Downloads\Fred V (1).exe, Quarantined, [c34f71a9d6b4181e075edecc43c28f71],
PUP.Optional.Bundler, C:\Users\Test1\Downloads\Fred V (2).exe, Quarantined, [d33fbc5e0e7c39fd9bcad1d95ea78779],
PUP.Optional.Bundler, C:\Users\Test1\Downloads\Fred V (3).exe, Quarantined, [6fa3ba605a309d995f062c7e06ff38c8],
PUP.Optional.Bundler, C:\Users\Test1\Downloads\Fred V.exe, Quarantined, [ac660515fd8dcd69dd88b4f6d82dc13f],
PUP.Optional.iBryte, C:\Users\Test1\Downloads\setup.exe, Quarantined, [7c966ab0127888ae6b1248e2c937639d],
PUP.Optional.Proxy.A, C:\Users\Test1\AppData\Local\proxy.log, Quarantined, [7999d743ed9dc86ec602dcd1dd269c64],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, Quarantined, [41d16dad7713d0663bc17240a1623bc5],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\uninstinethnfd.exe, Quarantined, [41d16dad7713d0663bc17240a1623bc5],
PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles\GoforFiles.lnk, Quarantined, [66ac6dada8e22313feb3ed27a85d8b75],
PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles\Remove GFF.lnk, Quarantined, [66ac6dada8e22313feb3ed27a85d8b75],
Rogue.Multiple, C:\ProgramData\3872871776\BIT318A.tmp, Quarantined, [f41eae6c1773de58c837f4518281ed13],
Rogue.Multiple, C:\ProgramData\3872871776\BITAC4C.tmp, Quarantined, [f41eae6c1773de58c837f4518281ed13],
PUP.Optional.Datamngr.A, C:\Users\Gast\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, Quarantined, [7e94b466484292a4e2e592c932d1659b],

Physical Sectors: 0
(No malicious items detected)


 



#9 Renzo11

Renzo11
  • Topic Starter


Posted 16 February 2015 - 09:01 AM

The ESET scan is taking some time, will post it soon. I have uninstalled Chrome but prefer to leave it uninstalled since I use Firefox. Do you recommend otherwise?



#10 LiquidTension

LiquidTension

  • Malware Response Team

Posted 16 February 2015 - 09:05 AM

Hello,

Yes, that's OK. If you do not use Google Chrome there is no reason to reinstall the programme.

#11 Renzo11

Renzo11
  • Topic Starter


Posted 16 February 2015 - 01:00 PM

Dear LiquidTension,

 

I've come across some new problems. I've run the ESET scanner, yet it only went to 47% and seemed to freeze at that point. It then opened a new window saying something about my computer not having enough space or memory. A log of the ESET scanner is attached.

 

Furthermore, since the scanner didn't proceed I finished it. From there, my computer got significantly slower and for the first time ever I've received the blue screen of doom saying there's a problem with the PC and all of the physical memory dump stuff. How come my computer is much slower, and that I've received the blue screen after following your step of the ESET scanner? I am worried about my computer and its condition and/or what is happening to it with these steps you've provided.


Here's the log


Edited by Renzo11, 16 February 2015 - 01:01 PM.


#12 LiquidTension

LiquidTension

  • Malware Response Team

Posted 17 February 2015 - 04:10 AM

Hello, 
 
I'm sorry to hear this has happened. 
However, there is nothing wrong with the instructions issued. They are provided to users hundreds/thousands of times on a daily basis. As is the nature with malware removal, unexpected issues can arise. 
 
Download and run WhoCrashed. Copy/paste the report in your next post. 
http://www.majorgeeks.com/files/details/whocrashed_free_home_edition.html 

Then run a fresh FRST scan.
 
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

Edited by LiquidTension, 17 February 2015 - 04:11 AM.


#13 Renzo11

Renzo11
  • Topic Starter


Posted 17 February 2015 - 04:51 AM

OK, I will of course continue with the steps provided. Here is the WhoCrashed info:

Crash Dump Analysis


Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Mon 16-2-2015 17:51:07 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021615-27268-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x74EC0)
Bugcheck code: 0x19 (0x22, 0x0, 0x0, 0x0)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Mon 16-2-2015 17:51:07 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: cfrmd.sys (CFRMD+0x113A)
Bugcheck code: 0x19 (0x22, 0x0, 0x0, 0x0)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\cfrmd.sys
product: Windows ® Win 7 DDK driver
company: Windows ® Win 7 DDK provider
description: Safe Deletion Driver
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cfrmd.sys (Safe Deletion Driver, Windows ® Win 7 DDK provider).
Google query: Windows ® Win 7 DDK provider BAD_POOL_HEADER






Conclusion

2 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

cfrmd.sys (Safe Deletion Driver, Windows ® Win 7 DDK provider)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

 



#14 Renzo11

Renzo11
  • Topic Starter


Posted 17 February 2015 - 04:53 AM

Here are the FRST scan logs:

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Test1 (administrator) on RENZO-PC on 17-02-2015 10:51:48
Running from C:\Users\Test1\Downloads
Loaded Profiles: Test1 (Available profiles: Test1 & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Test1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Resplendence Software Projects) C:\Program Files\WhoCrashed\WhoCrashedEx.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\Run: [HPADVISOR] => [X]
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\Run: [Spotify Web Helper] => C:\Users\Test1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-23] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=nl-NL&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26src%3DIE%2DSearchBox%26FORM%3DIESR02
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {A13894CB-A4EF-4E58-9FD5-081EF2BDE063} URL = http://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Test1\AppData\Roaming\Mozilla\Firefox\Profiles\gn64g4dx.default
FF Homepage: https://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3991530428-1297385551-2610144278-1006: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Security Plus - C:\Users\Test1\AppData\Roaming\Mozilla\Firefox\Profiles\gn64g4dx.default\Extensions\jid0-DjsrWcAS3Wgq2xyyqqVL8Dqk1Lo@jetpack.xpi [2014-12-22]
FF Extension: Adblock Plus - C:\Users\Test1\AppData\Roaming\Mozilla\Firefox\Profiles\gn64g4dx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-07]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Cleaner_Validator; C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [371648 2010-12-09] ()
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-02-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [79552 2010-12-09] (Windows ® Win 7 DDK provider)
R1 CFRPD; C:\Windows\System32\DRIVERS\CFRPD.sys [41472 2010-12-09] (Windows ® Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 rt61x64; C:\Windows\System32\DRIVERS\WMP54Gv41x64.sys [446304 2010-04-07] (Ralink Technology, Corp.)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-02-21] (Razer, Inc.)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-21] (Razer, Inc.)
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [34984 2013-11-15] (Razer Inc)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [72704 2010-03-11] (Razer USA Ltd)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 10:48 - 2015-02-17 10:48 - 02727584 _____ (Resplendence Software Projects Sp. ) C:\Users\Test1\Downloads\whocrashedSetup.exe
2015-02-17 10:48 - 2015-02-17 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2015-02-17 10:48 - 2015-02-17 10:48 - 00000000 ____D () C:\Program Files\WhoCrashed
2015-02-16 22:58 - 2015-02-16 22:58 - 00000036 ____H () C:\Users\Test1\Desktop\.curseclient
2015-02-16 18:55 - 2015-02-16 18:55 - 3549407377 _____ () C:\Windows\MEMORY.DMP
2015-02-16 18:55 - 2015-02-16 18:55 - 00262144 _____ () C:\Windows\Minidump\021615-27268-01.dmp
2015-02-16 18:37 - 2015-02-16 18:37 - 00016769 _____ () C:\Users\Test1\Desktop\ESETonlinescanner.txt
2015-02-16 14:07 - 2015-02-16 14:07 - 02347384 _____ (ESET) C:\Users\Test1\Downloads\esetsmartinstaller_enu.exe
2015-02-16 14:07 - 2015-02-16 14:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-16 11:50 - 2015-02-17 10:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 11:49 - 2015-02-16 11:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Test1\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-16 11:49 - 2015-02-16 11:49 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-16 11:49 - 2015-02-16 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-16 11:49 - 2015-02-16 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 11:49 - 2015-02-16 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-16 11:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-16 11:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-16 11:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-16 11:40 - 2015-02-16 11:40 - 00001944 _____ () C:\Users\Test1\Desktop\JRT.txt
2015-02-16 11:33 - 2015-02-16 11:33 - 01388274 _____ (Thisisu) C:\Users\Test1\Downloads\JRT.exe
2015-02-15 15:18 - 2015-02-15 15:18 - 00002016 _____ () C:\Users\Test1\Downloads\Shadowmoon Valley 90-94.xml
2015-02-15 13:00 - 2015-02-15 13:06 - 00000000 ____D () C:\AdwCleaner
2015-02-15 13:00 - 2015-02-15 13:00 - 02112512 _____ () C:\Users\Test1\Downloads\AdwCleaner.exe
2015-02-15 12:48 - 2015-02-02 19:13 - 01388274 _____ (Thisisu) C:\Users\Test1\Desktop\JRT_NEW.exe
2015-02-15 12:43 - 2015-02-15 12:43 - 10801480 _____ (VS Revo Group ) C:\Users\Test1\Downloads\RevoUninProSetup.exe
2015-02-15 12:43 - 2015-02-15 12:43 - 00000000 ____D () C:\Users\Test1\AppData\Local\VS Revo Group
2015-02-15 12:43 - 2015-02-15 12:43 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-02-15 12:25 - 2015-02-17 10:50 - 00000000 ____D () C:\Users\Test1\Downloads\FRST-OlderVersion
2015-02-12 17:49 - 2015-02-12 17:50 - 00047874 _____ () C:\Users\Test1\Downloads\Addition.txt
2015-02-12 17:48 - 2015-02-17 10:51 - 00015755 _____ () C:\Users\Test1\Downloads\FRST.txt
2015-02-12 17:47 - 2015-02-17 10:51 - 00000000 ____D () C:\FRST
2015-02-12 17:46 - 2015-02-17 10:50 - 02085888 _____ (Farbar) C:\Users\Test1\Downloads\FRST64.exe
2015-02-12 17:00 - 2015-02-12 17:00 - 06708078 _____ () C:\Users\Test1\Desktop\RENZO-PC.arn
2015-02-12 16:57 - 2015-02-12 16:57 - 00573697 _____ () C:\Users\Test1\Downloads\Autoruns.zip
2015-02-12 16:56 - 2015-02-12 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-12 16:56 - 2015-02-12 16:56 - 00000000 ____D () C:\Program Files\7-Zip
2015-02-12 16:55 - 2015-02-12 16:55 - 01376768 _____ () C:\Users\Test1\Downloads\7z920-x64.msi
2015-02-12 16:35 - 2015-02-05 22:01 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-02-12 16:35 - 2015-02-05 22:01 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-02-12 16:35 - 2015-02-05 22:01 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-02-12 16:35 - 2015-02-05 22:01 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-02-12 16:34 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-12 16:27 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-12 16:27 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-02-12 16:27 - 2015-02-05 22:01 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-02-12 16:27 - 2015-02-05 22:01 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-12 16:24 - 2015-02-12 16:24 - 309136440 _____ (NVIDIA Corporation) C:\Users\Test1\Downloads\347.52-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-02-12 15:00 - 2015-02-12 15:00 - 00018999 _____ () C:\Users\Test1\Downloads\Result.txt
2015-02-12 14:58 - 2015-02-12 14:58 - 00401920 _____ (Farbar) C:\Users\Test1\Downloads\MiniToolBox.exe
2015-02-12 11:07 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 11:07 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 11:07 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 11:07 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 10:57 - 2015-02-16 18:54 - 00012526 _____ () C:\Windows\PFRO.log
2015-02-11 09:38 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:38 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:37 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:37 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:37 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:37 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:37 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:37 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:34 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:34 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:34 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:34 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:34 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:34 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:34 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:34 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:34 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:34 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:34 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:34 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:34 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:34 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:34 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:34 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:34 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:34 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:34 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:34 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:34 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:34 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:34 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:34 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:34 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:34 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:34 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:34 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:34 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:34 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:34 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:34 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:34 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:34 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:34 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:34 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:34 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:33 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:33 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:33 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:33 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:33 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:33 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:33 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:33 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:33 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:33 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:33 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:33 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:33 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:33 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:33 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:31 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:31 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:31 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:31 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:31 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:31 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:31 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:31 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:31 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:31 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:31 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:31 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:31 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:31 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:31 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:31 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:31 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:31 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:28 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:28 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:26 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:26 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:20 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:20 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:17 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:17 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:17 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:17 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:17 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:17 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:17 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:13 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 08:54 - 2015-02-17 10:47 - 01415998 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 08:53 - 2015-02-17 10:44 - 00002950 _____ () C:\Windows\setupact.log
2015-02-11 08:53 - 2015-02-11 08:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 17:53 - 2015-02-10 17:53 - 00003754 _____ () C:\Users\Test1\Downloads\[Grind] [A] [96-100] - Spires of Arak - Sethekk Hollow.xml
2015-02-10 15:28 - 2015-02-10 15:28 - 00003848 _____ () C:\Users\Test1\Downloads\[H] 96- 98.xml
2015-02-10 13:33 - 2015-02-10 13:34 - 10605774 _____ () C:\Users\Test1\Downloads\Ralph lauren tas.zip
2015-02-10 13:00 - 2015-02-10 13:00 - 00003154 _____ () C:\Users\Test1\Downloads\[96-100] Spires of Arak - Humanoids [Grind] v1.xml
2015-02-10 01:03 - 2015-02-10 01:03 - 00000000 ____D () C:\ProgramData\Apple
2015-02-09 20:39 - 2015-02-09 20:39 - 00002347 _____ () C:\Users\Test1\Downloads\96-100 {A} Spires of arak. Admiral Taylor.xml
2015-02-09 15:26 - 2015-02-09 15:26 - 00004042 _____ () C:\Users\Test1\Downloads\A- Sunset shore-Talador- 94-96.xml
2015-02-09 14:59 - 2015-02-09 14:59 - 00002212 _____ () C:\Users\Test1\Downloads\Grove Street.xml
2015-02-08 09:52 - 2015-02-12 16:59 - 00563864 _____ (Sysinternals - www.sysinternals.com) C:\Users\Test1\Desktop\autorunsc.exe
2015-02-08 09:44 - 2015-02-12 16:59 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\Test1\Desktop\autoruns.exe
2015-02-04 21:51 - 2015-02-04 21:51 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-03 23:46 - 2015-02-17 05:08 - 00000000 ____D () C:\Users\Test1\AppData\Local\Popcorn-Time
2015-02-03 23:44 - 2015-02-03 23:44 - 00002216 _____ () C:\Users\Test1\Desktop\Popcorn Time.lnk
2015-02-03 23:44 - 2015-02-03 23:44 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-02-03 23:43 - 2015-02-17 04:20 - 00000000 ____D () C:\Users\Test1\AppData\Local\Popcorn Time
2015-02-03 23:42 - 2015-02-03 23:42 - 23236288 _____ (Popcorn Official) C:\Users\Test1\Downloads\Popcorn-Time-0.3.7.1-Setup.exe
2015-01-27 13:22 - 2015-02-03 21:22 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\TS3Client
2015-01-27 13:21 - 2015-01-27 13:21 - 00001215 _____ () C:\Users\Test1\Desktop\TeamSpeak 3 Client.lnk
2015-01-27 13:21 - 2015-01-27 13:21 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-01-27 13:21 - 2015-01-27 13:21 - 00000000 ____D () C:\Users\Test1\AppData\Local\TeamSpeak 3 Client
2015-01-27 13:19 - 2015-01-27 13:20 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Test1\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2015-01-27 12:31 - 2015-02-15 13:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-20 17:52 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-20 17:52 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-20 17:52 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-20 17:52 - 2014-10-09 18:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-20 17:52 - 2014-10-09 18:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-20 17:52 - 2014-10-09 08:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-18 15:30 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 10:51 - 2013-02-26 22:26 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-17 10:51 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 10:51 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 10:49 - 2010-08-29 13:50 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 10:44 - 2010-08-29 13:50 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 10:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 10:43 - 2009-09-15 21:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-17 05:09 - 2014-06-06 02:03 - 00011941 _____ () C:\Windows\cscmondump.bin
2015-02-17 04:14 - 2012-05-10 14:42 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000UA.job
2015-02-17 04:04 - 2013-02-19 18:59 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000UA.job
2015-02-17 04:02 - 2013-05-02 14:07 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\Skype
2015-02-17 00:57 - 2013-07-17 00:04 - 00000000 ____D () C:\Users\Test1\AppData\Local\Deployment
2015-02-16 23:14 - 2012-05-10 14:42 - 00001014 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000Core.job
2015-02-16 23:03 - 2014-05-07 23:45 - 00000000 ____D () C:\Users\Test1\AppData\Local\Battle.net
2015-02-16 20:40 - 2014-06-05 19:40 - 00000450 _____ () C:\Windows\Tasks\COMODO Updater.job
2015-02-16 19:04 - 2013-02-19 18:59 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000Core.job
2015-02-16 18:55 - 2013-04-01 13:45 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 14:58 - 2013-04-17 10:28 - 00000000 ____D () C:\Users\Test1\AppData\Local\Google
2015-02-16 14:58 - 2010-08-29 13:50 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-16 14:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2015-02-15 17:32 - 2010-01-23 11:49 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-15 15:22 - 2014-03-12 19:30 - 00000000 ____D () C:\Users\Test1\Documents\bestandmap-renzo-lol
2015-02-15 12:33 - 2014-11-03 21:27 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-15 12:26 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-14 23:32 - 2014-06-06 02:03 - 02928292 _____ () C:\Windows\CSC_ServiceDump.dat
2015-02-14 23:32 - 2014-06-06 02:03 - 00567482 _____ () C:\Windows\CSC_ActiveCleanLog.dat
2015-02-13 18:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 11:38 - 2014-09-28 17:05 - 00000000 ____D () C:\Users\Test1\AppData\Local\NVIDIA Corporation
2015-02-13 11:38 - 2010-10-02 12:13 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-12 16:59 - 2015-01-04 14:04 - 00050512 _____ () C:\Users\Test1\Desktop\autoruns.chm
2015-02-12 16:59 - 2006-07-28 09:32 - 00007005 _____ () C:\Users\Test1\Desktop\Eula.txt
2015-02-12 16:39 - 2010-08-29 13:50 - 00000000 ___HD () C:\Program Files\Google
2015-02-12 16:35 - 2010-06-21 18:19 - 00000000 ___HD () C:\Program Files\NVIDIA Corporation
2015-02-12 16:34 - 2014-12-20 11:02 - 00000000 ____D () C:\Temp
2015-02-12 16:34 - 2014-09-28 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-12 16:15 - 2014-07-23 13:53 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2015-02-12 15:19 - 2014-06-03 14:12 - 00000000 ____D () C:\Users\Test1\AppData\Local\Adobe
2015-02-12 15:19 - 2010-10-10 11:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-12 10:57 - 2009-07-14 05:45 - 00396864 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:17 - 2014-12-10 03:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:17 - 2014-05-06 15:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:15 - 2013-01-25 18:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 03:12 - 2011-02-07 16:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:12 - 2011-02-07 16:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 03:12 - 2011-02-07 16:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-12 03:12 - 2010-01-23 18:15 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:11 - 2013-08-14 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:09 - 2013-04-17 10:02 - 00000000 ____D () C:\Users\Test1
2015-02-12 03:03 - 2010-01-25 20:46 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 09:35 - 2013-07-27 03:37 - 00000000 ____D () C:\Users\Test1\AppData\Local\CrashDumps
2015-02-11 09:22 - 2014-07-24 16:57 - 00000000 ____D () C:\Users\Test1\AppData\Roaming\uTorrent
2015-02-09 11:37 - 2011-10-30 13:27 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-05 22:01 - 2014-11-04 16:48 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-05 22:01 - 2014-09-28 16:59 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-02-05 22:01 - 2014-07-30 16:34 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2010-08-08 23:35 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-05 22:01 - 2010-08-08 23:35 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-05 20:07 - 2014-10-26 17:37 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-07-30 16:37 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-07-30 16:37 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-07-30 16:37 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-07-30 16:37 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-07-30 16:37 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 17:24 - 2009-09-16 06:57 - 00748870 _____ () C:\Windows\system32\perfh013.dat
2015-02-05 17:24 - 2009-09-16 06:57 - 00154838 _____ () C:\Windows\system32\perfc013.dat
2015-02-05 17:24 - 2009-07-14 06:13 - 01680172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 13:50 - 2014-07-30 16:37 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 21:51 - 2013-02-26 22:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 21:51 - 2013-02-26 22:26 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 21:51 - 2011-05-16 10:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 10:00 - 2010-01-22 14:06 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-01-28 09:42 - 2014-12-22 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2013-07-26 18:31 - 2013-07-28 04:13 - 0034816 _____ () C:\Users\Test1\AppData\Roaming\RZR_0020734845f6b952e97d027f494c.db
2013-11-27 21:02 - 2013-11-27 22:12 - 0005120 _____ () C:\Users\Test1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-13 18:26 - 2013-05-13 18:26 - 0007605 _____ () C:\Users\Test1\AppData\Local\Resmon.ResmonCfg
2010-08-22 12:12 - 2010-08-22 12:37 - 0001053 _____ () C:\ProgramData\hpzinstall.log
2011-10-27 10:50 - 2011-10-25 12:18 - 2701696 _____ (mquadr.at software engineering und consulting GmbH) C:\ProgramData\UpdateKPNAssistent.exe

Files to move or delete:
====================
C:\ProgramData\UpdateKPNAssistent.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 00:35

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Test1 at 2015-02-17 10:52:24
Running from C:\Users\Test1\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
COMODO System-Cleaner (HKLM\...\{C4039DC0-905D-4372-8B20-120F0B6CF283}) (Version: 3.0.172695.53 - COMODO)
Compatibiliteitspakket voor het 2007 Microsoft Office system (HKLM-x32\...\{90120000-0020-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Curse Client (HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diagnostisch hulpprogramma voor hardware (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
EasyDuplicateFinder v4.7 (HKLM\...\Easy Duplicate Finder 4_is1) (Version:  - WebMinds, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Honorbuddy (HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\{1ccb7cee-ea11-4a03-b7b6-4eaec29813c4}) (Version: 2.5.9937.728 - Bossland GmbH)
Honorbuddy (x32 Version: 2.5.9937.728 - Bossland GmbH) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
KPN Assistent (HKLM-x32\...\KPN Assistent) (Version: 1.1.0.46 - KPN)
KPN Assistent (x32 Version: 1.1.0.46 - KPN) Hidden
KPN Installatie Assistent (HKLM-x32\...\KPN Installatie Assistent) (Version: 1.1.1.120 - KPN)
KPN Installatie Assistent (x32 Version: 1.1.1.120 - KPN) Hidden
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1 (HKLM-x32\...\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Dutch) (HKLM-x32\...\{95120000-00AF-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0413-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 nl)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision controllerstuurprogramma 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision stuurprogramma 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX systeemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.61 - Razer Inc)
Razer Naga (HKLM-x32\...\{F3CC3463-C6C2-4667-BDAC-BC517A11628F}) (Version: 2.02.07 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2070.0 - Hi-Rez Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Rift (HKLM-x32\...\Rift) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek GmbH)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3991530428-1297385551-2610144278-1006_Classes\CLSID\{81e38fa3-9875-44ce-b9a6-73abc0464b79}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-02-2015 02:31:21 Windows Update
15-02-2015 12:25:42 Restore Point Created by FRST
15-02-2015 12:44:25 Revo Uninstaller Pro's restore point - TuneUp Utilities Language Pack (nl-NL)
15-02-2015 12:44:59 TuneUp Utilities Language Pack (nl-NL) is verwijderd
15-02-2015 12:49:55 15-2-2015
16-02-2015 09:36:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-03-08 09:41 - 00000762 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01EB64BB-F06A-42F4-80FF-58166A4E6C76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN35R150B6 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {096A9C55-68CF-469C-BAC0-DEAEA3175CE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN37J1CJGS => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {116D9773-F21D-4482-840A-CE0E6CD0618E} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {17C56D0F-4FBC-4AA7-A4ED-A4033A689A68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {182E0283-1293-4785-AEA4-08BA38413AA2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {19B449B7-4451-402C-9323-E9A5312B2857} - System32\Tasks\{B074B047-3ABC-4394-9A06-833E47AE3AC1} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {1A81ED4C-D74E-45F9-A98C-338C3E68DD34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1B2C83DE-6A80-4529-9DC3-95FE1DA72A7C} - System32\Tasks\{49D3B66B-DA0C-4695-9D48-09333A7A78A8} => pcalua.exe -a C:\Users\Test1\Downloads\ASIO4ALL_2_11_English.exe -d C:\Users\Test1\Downloads
Task: {26A3665A-F9F7-49C9-AF97-57313B90A3C0} - System32\Tasks\COMODO Updater => C:\Program Files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09] (COMODO Security Solutions, Inc.)
Task: {26F290D7-3519-4B2D-8AB4-3D89B398CA85} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000Core => C:\Users\renzo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {330160AF-8294-42AC-90D5-FC3D8B270193} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {35AFD458-DFCE-406F-879E-B92C8A690046} - System32\Tasks\{EA4F7956-AB24-4873-9E01-0935DA876046} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {3753BAE2-2A1C-437E-8069-049CD5C7667D} - System32\Tasks\{2A102EAA-EFC2-46B2-8BFC-9E1E7F8A7D05} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {387D841D-A837-4957-80D8-6842A48103FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {47DBC39B-25A1-4325-AD00-E9127820A26A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000UA => C:\Users\renzo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {58F1912D-3D99-4CEB-B643-73884C54653E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {5A902AD6-CE23-40F4-9158-2B5CAAEDC667} - System32\Tasks\{BCFA7433-9546-4741-813B-54DD8123EFC2} => pcalua.exe -a C:\Users\Test1\Downloads\wlsetup-web.exe -d C:\Users\Test1\Downloads
Task: {5AC5957C-6F61-492C-9FD2-8E2EDE947305} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {66CA5DF9-6628-42B3-8212-2C908477113A} - System32\Tasks\{6A5FDA54-EE5A-424D-8DD6-8DDB46718869} => pcalua.exe -a C:\Users\renzo\AppData\Local\Temp\VSDE9F2.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\renzo\Downloads -c /lang:enu /passive /norestart
Task: {72C0C705-757C-4CA1-8C6A-141A96811D87} - System32\Tasks\{A34CAF52-E6C0-4114-BC17-72D3F0A1501B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {7E49B858-858B-4C15-B120-F4F5DEE4910D} - System32\Tasks\{44B92F38-8463-46E2-BF59-AD6A61288FBC} => pcalua.exe -a E:\setup.exe -d E:\
Task: {8BB4B136-F5CC-4870-A318-B208134E9621} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {90A43379-C480-47AB-BA5A-87D92256441F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {947D8785-A6EC-4803-BD0B-C02A3B60126D} - System32\Tasks\{D78811F9-6025-489F-968E-FE226584A272} => pcalua.exe -a C:\Windows\IsUninst.exe -c -fj:\Uninst.isu
Task: {A20C2F54-AD3F-4AF0-A0F4-45ACCD2D4B99} - System32\Tasks\{0C59AE20-816F-41F3-BDD4-DEA09E2CB5A7} => pcalua.exe -a C:\Users\renzo\AppData\Local\Temp\VSDEB7B.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\renzo\Downloads -c /lang:enu /passive /norestart
Task: {AC54698B-7F54-4FAA-BE3F-510811F88E7E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000UA => C:\Users\renzo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {B1D0264E-0035-4B89-8065-12AFF892D1B0} - System32\Tasks\{6CA4D8F7-E4E1-43C9-BAE0-B96B29CE14B0} => pcalua.exe -a "C:\Users\renzo\Downloads\setup (6).exe" -d C:\Users\renzo\Downloads
Task: {B62BFF3B-9756-4636-9003-50A15A4CF531} - System32\Tasks\{D0863364-87A7-456E-A1C6-3BE2557C3456} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {B7AAD469-2745-4854-BC55-D5E4400D7BD5} - System32\Tasks\{9F9713E4-0C7D-4315-807D-BB969BFA5949} => pcalua.exe -a C:\Users\Test1\Downloads\AVM_FRITZ_WLAN_Repeater_450E_Assistent.exe -d C:\Users\Test1\Downloads
Task: {C67D4C81-9B24-4FC2-B72F-EA8C40CFD956} - System32\Tasks\{750753BB-A25E-43A7-B2D1-AF7661B4DD5E} => pcalua.exe -a C:\Users\renzo\Downloads\PTR-Installer-en_GB.exe -d C:\Users\renzo\Desktop
Task: {DA150C2D-1C54-42A9-B919-102BF45D525E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E55EB0AF-49D4-4F8B-A2A5-21588ED59C66} - System32\Tasks\{F380C0B0-4E9D-4835-B9FF-0AACD885C09F} => pcalua.exe -a "C:\Users\renzo\Downloads\setup (9).exe" -d C:\Users\renzo\Downloads
Task: {E669A52F-75B7-4505-99FC-4DCCECB46DD3} - System32\Tasks\{17F20A54-90BF-428D-8CD5-EFC344810410} => pcalua.exe -a C:\Users\Test1\Downloads\wlsetup-web.exe -d C:\Users\Test1\Downloads
Task: {E9211C49-3572-49E1-B405-0D90441DD440} - System32\Tasks\{C741393B-5BD7-4CCD-A0B7-34C8D900ABF3} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/55130
Task: {F18E3FFB-AE13-4C74-B147-97B344A5F562} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000Core => C:\Users\renzo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {F4121432-D75D-488F-AB22-66C7ED57DC8F} - System32\Tasks\{C43C8CB6-5A3C-4C7C-8873-067BDE74271B} => pcalua.exe -a "C:\Program Files (x86)\KPN\KPN Installatie Assistent\KPN_IA.exe" -d "C:\Program Files (x86)\KPN"
Task: {FAF93E9C-DC75-48DB-8537-351C59D8A0C5} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\COMODO Updater.job => C:\Program Files\COMODO\COMODO System-Cleaner\Updater.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000Core.job => C:\Users\renzo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000UA.job => C:\Users\renzo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000Core.job => C:\Users\renzo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3991530428-1297385551-2610144278-1000UA.job => C:\Users\renzo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-30 16:37 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-12-09 13:08 - 2010-12-09 13:08 - 00371648 ____H () C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
2010-12-09 13:08 - 2010-12-09 13:08 - 01045952 ____H () C:\Program Files\COMODO\COMODO System-Cleaner\CSCDll.dll
2010-12-09 13:09 - 2010-12-09 13:09 - 00690112 ____H () C:\Program Files\COMODO\COMODO System-Cleaner\UtilsDll.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-07-17 02:30 - 2012-02-23 22:23 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-01 19:49 - 2009-12-01 19:49 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-01-27 12:31 - 2015-01-27 12:31 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-17 10:48 - 2014-12-19 16:08 - 00118528 _____ () C:\Program Files\WhoCrashed\WhoCrashed32.dll
2015-02-17 10:48 - 2014-12-19 16:08 - 00247552 _____ () C:\Program Files\WhoCrashed\rspSymSrv32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3991530428-1297385551-2610144278-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Test1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: facemoods => "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
MSCONFIG\startupreg: Google Update => "C:\Users\renzo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: KPN Assistent => C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe /auto
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Naga Driver => C:\Program Files (x86)\Razer\Naga\NagaTray.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\renzo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

==================== Accounts: =============================

Administrator (S-1-5-21-3991530428-1297385551-2610144278-500 - Administrator - Disabled)
Gast (S-1-5-21-3991530428-1297385551-2610144278-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3991530428-1297385551-2610144278-1003 - Limited - Enabled)
Test1 (S-1-5-21-3991530428-1297385551-2610144278-1006 - Administrator - Enabled) => C:\Users\Test1

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling-adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2015 10:50:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/17/2015 10:44:41 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (02/17/2015 10:44:41 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (02/17/2015 10:44:41 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (02/17/2015 02:01:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Cleaner_Validator.exe, versie: 0.0.0.0, tijdstempel: 0x4d00beda
Naam van module met fout: CSCDll.dll, versie: 0.0.0.0, tijdstempel: 0x4d00be92
Uitzonderingscode: 0xc0000005
Foutoffset: 0x00000000000406a4
Id van proces met fout: 0x4bc
Starttijd van toepassing met fout: 0xCleaner_Validator.exe0
Pad naar toepassing met fout: Cleaner_Validator.exe1
Pad naar module met fout: Cleaner_Validator.exe2
Rapport-id: Cleaner_Validator.exe3

Error: (02/16/2015 06:37:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma firefox.exe, versie 35.0.1.5500 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: edc

Starttijd: 01d04a0e7c510d8b

Eindtijd: 78

Toepassingspad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Rapport-id:

Error: (02/16/2015 02:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Cleaner_Validator.exe, versie: 0.0.0.0, tijdstempel: 0x4d00beda
Naam van module met fout: Cleaner_Validator.exe, versie: 0.0.0.0, tijdstempel: 0x4d00beda
Uitzonderingscode: 0xc0000005
Foutoffset: 0x000000000001c042
Id van proces met fout: 0x5fc
Starttijd van toepassing met fout: 0xCleaner_Validator.exe0
Pad naar toepassing met fout: Cleaner_Validator.exe1
Pad naar module met fout: Cleaner_Validator.exe2
Rapport-id: Cleaner_Validator.exe3

Error: (02/16/2015 02:07:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (02/17/2015 10:46:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Google Updateservice (gupdate)-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (02/17/2015 02:01:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De COMODO System - Cleaner Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (02/16/2015 10:57:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Presentation Foundation Font Cache 3.0.0.0-service kan vanwege de volgende fout niet worden gestart:
%%1053

Error: (02/16/2015 10:57:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Windows Presentation Foundation Font Cache 3.0.0.0.

Error: (02/16/2015 06:57:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Google Updateservice (gupdate)-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (02/16/2015 06:55:08 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000019 (0x0000000000000022, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP021615-27268-01

Error: (02/16/2015 05:41:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De MBAMService-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (02/16/2015 05:28:17 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: Er is een fout (res=8) opgetreden tijdens het initialiseren van bronnen voor logboekregistratie voor kanaal Setup.

Error: (02/16/2015 05:28:15 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: Er is een fout (res=8) opgetreden tijdens het initialiseren van bronnen voor logboekregistratie voor kanaal Microsoft-Windows-Audio/CaptureMonitor.

Error: (02/16/2015 05:28:15 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: Er is een fout (res=8) opgetreden tijdens het initialiseren van bronnen voor logboekregistratie voor kanaal Microsoft-Windows-Audio/Operational.


Microsoft Office Sessions:
=========================
Error: (02/17/2015 10:50:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Test1\Downloads\esetsmartinstaller_enu.exe

Error: (02/17/2015 10:44:41 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (02/17/2015 10:44:41 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (02/17/2015 10:44:41 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (02/17/2015 02:01:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Cleaner_Validator.exe0.0.0.04d00bedaCSCDll.dll0.0.0.04d00be92c000000500000000000406a44bc01d04a11b7c95425C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exeC:\Program Files\COMODO\COMODO System-Cleaner\CSCDll.dll883cdfce-b640-11e4-bfef-90e6baa4d405

Error: (02/16/2015 06:37:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.1.5500edc01d04a0e7c510d8b78C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (02/16/2015 02:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Cleaner_Validator.exe0.0.0.04d00bedaCleaner_Validator.exe0.0.0.04d00bedac0000005000000000001c0425fc01d049e8effea8b5C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exeC:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe7384ac72-b5e2-11e4-a824-90e6baa4d405

Error: (02/16/2015 02:07:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Test1\Downloads\esetsmartinstaller_enu.exe


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 4095.24 MB
Available physical RAM: 2091.58 MB
Total Pagefile: 8648.43 MB
Available Pagefile: 6252.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:581.95 GB) (Free:460.69 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.13 GB) (Free:2.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=581.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=14.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#15 LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 17 February 2015 - 05:00 AM

Hello,

Looks like COMODO System-Cleaner was the culprit. Please uninstall this programme using Revo.

Then try running the ESET scan again. Ensure you disable your Anti-Virus software beforehand.


Edited by LiquidTension, 17 February 2015 - 05:00 AM.
